
Iframe attack (XSS) in Sakai CLE

localhost:8080/portal/help/html/help.jsp?allowLink=true&emailLink='"()%26%251<iframe id="mainIframe" width="800" height="600" src="http://google.com"></iframe>

How to prevent cross-site scripting in Sakai? I am calling req.getQueryString() in RequestFilter.java and then I am getting this URL. Please help me solve this issue.

Thanks in advance
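An added example, not part of the original question and not Sakai's own code: one way to handle the `emailLink` value from the query string above, assuming it is reflected into the help page's HTML and is only meant to carry an e-mail address. `EmailLinkGuard` and its methods are hypothetical names; the class validates the decoded value against an allow-list pattern and HTML-encodes it on output, rather than trying to filter the raw `req.getQueryString()` text.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;

public class EmailLinkGuard {
    // Assumption: emailLink is only ever meant to hold a plain e-mail address.
    private static final Pattern EMAIL = Pattern.compile(
        "^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\\.[A-Za-z]{2,}$");

    /** Decoded value of one parameter from a raw query string; null if absent or malformed. */
    static String param(String rawQuery, String name) {
        if (rawQuery == null) return null;
        try {
            for (String pair : rawQuery.split("&")) {
                int eq = pair.indexOf('=');
                // URLDecoder.decode(String, Charset) needs Java 10 or later.
                if (eq > 0 && URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8).equals(name)) {
                    return URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
                }
            }
        } catch (IllegalArgumentException e) {
            return null; // malformed percent-escape: fail closed
        }
        return null;
    }

    /** Encodes text for an HTML text node or a quoted attribute value ('&' must go first). */
    static String encodeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    /** Value that may be written into the page: a validated, encoded address, or "". */
    static String safeEmailLink(String rawQuery) {
        String v = param(rawQuery, "emailLink");
        return (v != null && EMAIL.matcher(v).matches()) ? encodeHtml(v) : "";
    }

    public static void main(String[] args) {
        // Sample input: the query string quoted in the question.
        String q = "allowLink=true&emailLink='\"()%26%251<iframe id=\"mainIframe\" "
                 + "width=\"800\" height=\"600\" src=\"http://google.com\"></iframe>";
        System.out.println("validated: [" + safeEmailLink(q) + "]");
        System.out.println("encoded only: " + encodeHtml(param(q, "emailLink")));
        // Constructed benign input for comparison.
        System.out.println("validated: [" + safeEmailLink("emailLink=help%40example.edu") + "]");
    }
}
```

Encoding alone already renders the `<iframe>` as inert text; the allow-list check additionally rejects the value outright, which also covers contexts such as an `href` where HTML encoding by itself is not sufficient.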

If you uncover a security vulnerability in Sakai software please do not voice your concerns on any public listserv, blog or other open communication channel but instead notify the Sakai Foundation immediately at security@sakaifoundation.org. Please provide a callback telephone number so that we can contact you by telephone if it is deemed necessary.

See the policy here: https://confluence.sakaiproject.org/display/SECWG/Security+Policy

If you create a login here: https://jira.sakaiproject.org/secure/Dashboard.jspa

You can report the security issue by creating an issue and setting the Security Level pulldown to "Security Issue". Thanks
